What’s the Difference Between Opting In and Opting Out?

In order to understand when to install opt-in measures and when to install opt-out measures, you need to first understand the difference between the two, and what each method seeks to accomplish.

What is Opting In?

Opting in is the process by which a user takes an affirmative action to offer their consent.

The most common way we see opt-in methods implemented is through unticked checkboxes. When presented with this option, the user must take action to check the box – denoting their consent.

Opting in can be used in a variety of situations, including getting consent to send emails, getting consent to use cookies, or allowing users to agree to your legal policies.

Example

In the example below, you can see opt-in mechanisms in action:

When a user registers for an account, they have the opportunity to opt in to receiving emails and/or to agree to the terms of use and privacy policy. When they first arrive on this page, both boxes are unchecked, allowing them to take action to indicate their preferences.

What is Opting Out?

Opting out is the process by which a user takes action to withdraw their consent.

Examples

There are two main ways to offer opt-outs to users.

The first way is a pre-emptive opt-out, in which users can uncheck a marked box – or otherwise undo a confirmation – in order to indicate that they are not interested in the activity you’re presenting them.

In this example, assume that the user entered this page and the boxes were already checked. The user then has the opportunity to uncheck the boxes in order to withdraw their consent – or opt out.

The example above is solely used to illustrate a point. When it comes to getting user consent to your privacy policy and terms and conditions, we always recommend you use an opt-in approach.

Another form of opt-out is consent withdrawal.

This is when you offer users a way to withdraw their permission or change their preferences after the original point of consent.

Take for instance the example email below:

In this email from Invision, they note users’ ability to opt out of receiving future marketing contact by directing them to a preference manager via the opt out link.

An even more common method of opt-out that you’re probably familiar with – and may even employ yourself – is the famous “unsubscribe“ link.

Like we see in this email for MarTechExec, unsubscribe links are often contained in the footer of an email, and direct users to a page or form that allows them to opt out of receiving further outreach from that company.

When & How to Use Opt-In

Now that we know the difference between opt-in and opt-out mechanisms, it’s time to figure out when and where to use them. Each strategy has its function in particular situations, and each one is necessary for certain aspects of privacy law compliance.

You should use opt-in if…

You Outline Data Collection in Your Privacy Policy

As we mentioned earlier, it’s always a good idea to get consent to legal policies – like privacy policies and terms and conditions – through user opt-in.

While the GDPR applies to those who collect data from EU citizens, the CCPA affects businesses with Californian users.

The law boasts a provision dedicated to the rights of consumers under the age of 16, regarding the sale of their data.

Section 1798.120 (d) of the CCPA states:

A business shall not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, […], has affirmatively authorized the sale of the consumer’s personal information.

To get users under the age of 16 to “affirmatively authorize” the sale of their data, you’ll need to implement opt-in measures at the entry-point of your data collection.

For example, add a popup to your sign-up page that’s triggered if a user enters their age or birthday and is under 16 years old.

That popup should have an unchecked box where users can offer their consent to having their information sold – if that’s something you could potentially do with their personal data.

You Use Cookies & Market to EU Citizens

Written into its provisions on data collection, the GDPR establishes guidelines for how to properly obtain consent to the use of cookies.

One element to consider when establishing this form of opt-in is that users should be given the opportunity to consent to specific categories of cookies.

For example, if you use advertising cookies as well as analytics cookies, you should have opt-in checkboxes for each category.

The best place to get the consent you need for cookie use is through a cookie consent banner. This banner will appear at the bottom, top, or on either side of your website when a user enters your site, and will remain there until they’ve taken action to opt in or manage their cookie preferences.

Nike’s website uses a pop-up modal instead of a banner, in which they give users the chance to opt in to the use of cookies, or to get more information. If they click “More Information,” they’re taken to a new pop-up that allows them to customize their cookie preferences by category.

You Want More Targeted Emailing Lists

While installing opt-ins may be a big part of legal compliance, that doesn’t mean that opt-ins aren’t a great business and marketing strategy as well.

Users that opt in to receive emails have already expressed an interest in your site and your product. This makes it easier for you to gauge your audience and target your email campaigns accordingly.

When & How to Use Opt-Out

You Sell the Data of California Residents

Going back to the recently-passed CCPA, the law specifically grants Californian users the “right to opt out” of the sale of their personal data.

Of this development, the text of the CCPA reads:

A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right may be referred to as the right to opt out.

The CCPA further specifies that this opt-out should be made available to users through a link on your homepage and in your privacy policy that reads: “Do Not Sell My Personal Information”.

You Send Marketing Emails

As we mentioned earlier, if you send marketing emails, you need to include an opt-out link in every email – ideally through an “unsubscribe” link.

While it’s absolutely necessary to offer forms of opting out in the two scenarios outlined above, it’s also advisable for you to offer users avenues of opting in to both activities. Getting explicit user consent is always the safest route when it comes to keeping compliant and building trust with your consumers.

Conclusion

While there are situations to use opt-in and situations to use opt-out, any business that wishes to remain compliant with the law and appease their customers will need to employ both methods.

Also keep in mind, that wherever there’s an opt-in, there needs to be an opt-out, so users can withdraw their consent at any time.

With all the recent laws and user demand for greater transparency and control when it comes to data, implementing opt-in and opt-out mechanisms are more important than ever.

Written by
KJ Dearie

KJ Dearie is a product specialist and privacy consultant for Termly, where she advises small business owners on how to comply with the latest data privacy laws and trends. She's been published in Business News Daily, Omnisend, ITProToday, MarTechExec, and more.

Products

Support

Disclaimer: Termly LLC is not a lawyer or a law firm and does not engage in the practice of law or provide legal advice or legal representation. All information, software, services, and comments provided on the site are for informational and self-help purposes only and are not intended to be a substitute for professional legal advice. Use of this site is subject to our Terms of Use.